On Feb 7, 2023, at 4:01 PM, Steven Walters <steven.walters1@gmail.com> wrote:
We have guest broadband user accounts. I would like RADIUS to respond with access-accept on PAP even if the password is incorrect. I will then write to the database to indicate the session has an incorrect password and allow the PPPoE to connect to the internet.
This will allow the agent to access the CPE to update the password.
What is the best way to achieve this, that is to respond with an authentication success even if the password is incorrect for a specific username?
You can just use the "accept" policy: authorize { ... accept } And it will accept the user. If you're actually checking passwords, it will have to be a bit different: authenticate { ... Auth-Type pap { pap { reject = 1 } if (reject) { accept } } } Though I would strongly recommend putting these users into a limited VLAN. They should have access to update the password, but shouldn't be allowed to connect to the internet. Alan DeKok.